• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.4
• /
• pp.135-140
• /
• 2015

The WDSS improves defensive capacity against web application layer DDoS attack by using web cache server and L7 switch which are added on the DDoS shelter system. When web DDoS attack occurs, security agents divert traffic from backbone network to sub-network of the WDSS and then DDoS protection device and L7 switch block abnormal packets. In the meantime, web cache server responds only to requests of normal clients and maintains stable web service. In this way, the WDSS can counteract the web DDoS attack which generates small traffic and depletes server-client session resource. Furthermore, the WDSS does not require IP tunneling because it is not necessary to retransfer the normal requests to original web server. In this paper, we validate operation of the WDSS and verify defensive capability against web application layer DDoS attacks. In order to do this, we built the WDSS on backbone network of an ISP. And we performed web DDoS tests by using a testing system that consists of zombie PCs. The tests were performed by three types and various amounts of web DDoS attacks. Test results suggest that the WDSS can detect small traffic of the web DDoS attacks which do not have repeat flow whereas the formal DDoS shelter system cannot.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.147-153
• /
• 2015

Since the DoS(Denial of Service) attack is still an important vulnerable element in many web service sites, sites including public institution should try their best in constructing defensive systems. Recently, DDoS(Distributed Denial of Service) has been raised by prompting mass network traffic that uses NTP's monlist function or DoS attack has been made related to the DNS infrastructure which is impossible for direct defense. For instance, in June 2013, there has been an outbreak of an infringement accident where Computing and Information Agency was the target. There was a DNS application DoS attack which made the public institution's Information System impossible to run its normal services. Like this, since there is a high possibility in having an extensive damage due to the characteristics of DDoS in attacking unspecific information service and not being limited to a particular information system, efforts have to be made in order to minimize cyber threats. This thesis proposes a method for using TTL (Time To Live) value in IP header to detect DDoS attack with IP spoofing, which occurs when data is transmitted under the agreed regulation between the international and domestic information system.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.66 no.12
• /
• pp.1913-1920
• /
• 2017

Software Defined Networking creates totally new concept of networking and its applications which is based on separating the application and control layer from the networking infrastructure as a result it yields new opportunities in improving the network security and making it more automated in robust way, one of these applications is Denial of Service attack mitigation but due to the dynamic nature of Denial of Service attack it would require dynamic response which can mitigate the attack with the minimum false positive. In this paper we will propose a new mitigation Framework for DDoS attacks using Software Defined Networking technology to protect online services e.g. websites, DNS and email services against DoS and DDoS attacks.

• Convergence Security Journal
• /
• v.9 no.2
• /
• pp.41-48
• /
• 2009

Distributed denial of service attack detection for more development and research is underway. The method of using statistical techniques, the normal packets and abnormal packets to identify efficient. In this paper several statistical techniques, using a mix of various offers a way to detect the attack. To verify the effectiveness of the proposed technique, it set packet filtering on router and the proposed DDoS attacks detection method on a Linux router. In result, the proposed technique was detect various attacks and provide normal service mostly.

• KEPCO Journal on Electric Power and Energy
• /
• v.1 no.1
• /
• pp.55-59
• /
• 2015

Denial of Service (DoS) attack is to interfere the normal user from using the information technology services. With a rapid technology improvements in computer and internet environment, small sized DoS attacks targeted to server or network infrastructure have been disabled. Thus, Distributed Denial of Service (DDoS) attacks that utilizes from tens to several thousands of distributed computers as zombie PC appear to have as one of the most challenging threat. In this paper, we categorize the DDoS attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS attacks. Then we propose a comprehensive defense mechanism against DDoS attacks in Control System to detect attacks efficiently.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.2B
• /
• pp.90-99
• /
• 2007

It might be more efficient that detections of distributed denial of service (DDoS) attacks are done in backbone domain than in individual local networks or links. However, because existing schemes for detecting DDoS attack symptoms have been focused on individual packets or flows, they require much higher computational complexities. In this paper, we propose an efficient method to detect DDoS attack symptoms in backbone networks. Unlike conventional schemes focused on individual packets or flows, the proposed method is carried at aggregate traffic level. So, our proposed schemes can be operated with very lower computational complexity, and can be run in very high-speed backbone networks.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.05a
• /
• pp.642-645
• /
• 2010

본 논문에서는 DDoS(Distribute Denial of Service) 공격 상황에서의 효율적인 iptables 정책 설계 방법에 대해 제안한다. 현재 구축된 인터넷 상황에서는 누구나 손쉽게 DDoS Attack 환경을 구축하여 특정 사이트를 공격할 수 있다. 이를 극복하기 위해 DDoS 방어전용 장비 등을 사용 할 수 있지만 고가라는 단점 때문에 개인 혹은 소규모 서비스 시스템에서 사용하기에 어려운 점이 많다. 본 논문은 이러한 상황을 극복하기 위해 개인 및 소규모 시스템에 적용 가능한 효율적인 iptables 정책을 제안한다. 제안한 각 정책별 성능 평가는 웹 서비스 환경과 DDoS 유형별 공격 시나리오를 가정하여 시행하였고, 이는 실제적으로 효과가 있음을 확인하였다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.652-654
• /
• 2021

Attacks such as DDoS are detected by the intrusion detection system and can be prevented early. DDoS attack traffic was analyzed using the decision tree. Deterministic features with high importance were found, and the accuracy was verified by proceeding the decision tree for only those properties. And the contents of false positive and false negative traffic were analyzed. As a result, the accuracy of one attribute was 98% and the two attributes were 99.8%, respectively.

• ETRI Journal
• /
• v.41 no.5
• /
• pp.560-573
• /
• 2019

Two supervised learning algorithms, a basic neural network and a long short-term memory recurrent neural network, are applied to traffic including DDoS attacks. The joint effects of preprocessing methods and hyperparameters for machine learning on performance are investigated. Values representing attack characteristics are extracted from datasets and preprocessed by two methods. Binary classification and two optimizers are used. Some hyperparameters are obtained exhaustively for fast and accurate detection, while others are fixed with constants to account for performance and data characteristics. An experiment is performed via TensorFlow on three traffic datasets. Three scenarios are considered to investigate the effects of learning former traffic on sequential traffic analysis and the effects of learning one dataset on application to another dataset, and determine whether the algorithms can be used for recent attack traffic. Experimental results show that the used preprocessing methods, neural network architectures and hyperparameters, and the optimizers are appropriate for DDoS attack detection. The obtained results provide a criterion for the detection accuracy of attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1215-1224
• /
• 2014

Various research was done to protect user's private data from malicious application which expose user's private data and abuse exposed data. However, a new type of malicious application were appeared. And these malicious applications use a smart phone as a new tools to perform secondary attack. Therefore, in this paper, we propose a method to detect the DDoS attack application installed inside the mobile device using the Android logging system.